Communication system and method

ABSTRACT

The invention relates to a communication system which comprises at least one user equipment having a plurality of identities associated therewith. The user equipment has means for storing at least one of the identities. Storage means are provided for storing at least one of the plurality of identities and means for receiving identity information from the user equipment, for obtaining from the storage means at least one identity associated with the received identity information and for sending to the user equipment the at least one identity obtained from the storage means.

FIELD OF THE INVENTION

The present invention relates to a communication system and method.

BACKGROUND OF THE INVENTION

A communication system can be seen as a facility that enables communication between two or more entities such as user equipment and/or other nodes associated with the system. A communication system typically operates in accordance with a given standard or specification which sets out what the various elements of the system are permitted to do and how that should be achieved. For example, the standard or specification may define if the user, or more precisely the user equipment or terminal, is provided with a packet switch server and/or a circuit switch server. Communication protocol and/or parameters which are used for the connection may also be defined. In other words, a specific set of “rules” on which the communication can be based needs to be defined to enable communication by means of the system.

Communication systems providing wireless communication for the user terminal or other nodes are known. An example of a wireless system is a cellular network. In cellular systems, a base transceiver station (BTS) or similar access entity serves mobile stations (MS) or similar wireless user equipment (UE) via a wireless interface between these entities. The operation of the base station and other nodes required for the communication can be controlled by one or several control entities. The various control entities may be interconnected. One or more gateway nodes may also be provided for connecting the cellular network to other networks such as to a public switched telephone network (PSTN) and/or other communication networks such as an IP (internet protocol) and/or other packet switched networks.

A communication system may be adapted to provide wireless data communication services such as packet switched (PS) services for a mobile station. Examples of systems enabling wireless data communication services, without limitation to these, include the general packet radio service (GPRS), the enhanced data rate for GSM evolution (EDGE) mobile data network, the so-called third generation (3G) telecommunication systems such as the universal mobile telecommunication system (UMTS), i-phone or IMT-2000 (international mobile telecommunications) and the terrestrial trunked radio (TETRA) system.

In the third generation system, it has been proposed to provide a multimedia network architecture. It is intended that a multimedia architecture be able to handle different kinds of data such as voice, audio, video, data per se and indeed any other type of media. It has been proposed to have an IP (internet protocol) multimedia subsystem for such a network architecture. Thus, the subsystem of the architecture is arranged to transfer data between the various entities in packet data form, in accordance with the internet protocol.

The IP multimedia subsystem comprises all core network elements for provision of a multimedia service. This includes the collection of signalling and bearer related network elements. IP multimedia services are arranged to use the packet switch domain. The IP multimedia core network is arranged to enable PLMN operators to offer their subscribers multimedia services based on and built upon internet applications, services and protocols. It is intended that the IP multimedia core network subsystem should enable convergence of and access to voice, video, messaging, data and web based technology for wireless users.

The proposed third generation multimedia network architecture may have several different servers for handling different functions. These include functions such as the call state control functions (CSCFs). The call state control function may comprise functions such as a proxy call state control function (P-CSCF), interrogating call state control function (I-CSCF), and serving call state control function (S-CSCF). Control functions may also be provided by entities such as a home subscriber server (HSS) and various application servers.

In the currently proposed specification, Third Generation Partnership Project; Technical Specification Group Services and System Aspect; IP multimedia subsystem (IMS) stage 2, (release 5), which is herein incorporated by reference, there are various identities that may be associated with a user of an IP multimedia service. These identities include private user identity and public user identities. These identities are provided in an IM Subscribers Identity Module ISIM. Each ISIM is an application in the Universal Integrated Circuit Card UICC card of the user equipment. However, in earlier versions of the specification, the UMTS Subscriber Identity Module USIM application in the UICC card did not include these additional identities. A UICC card which conforms to the previous versions of this standard (R99 or Rel-4) can be sold or owned by the subscriber. However, if a user of equipment which is in accordance with the Rel-5 version of the specification were to try to use an IP multimedia system, they would be unable to do so.

It has been suggested that the required IP multimedia subsystem identities be derived directly from the international mobile subscriber identifier (IMSI). However, this has the disadvantage that it leads to security and optimisation problems. Additionally, the public user identities are not as user friendly as john.smith@vodafone.com. Rather, a public user identity derived from the IMSI would be something like 336574890@22081. Furthermore, additional database searches would need to be carried out in order to check if the derived public and private user identities were valid.

SUMMARY OF THE INVENTION

It is therefore an aim of embodiments of the present invention to address or at least mitigate one of the problems described above.

According to a first aspect of the present invention there is provided a communication system comprising at least one user equipment having a plurality of identities associated therewith, said user equipment having means for storing at least one of said identities, storage means for storing at least one of said plurality of identities, means for receiving identity information from said user equipment, for obtaining from said storage means at least one identity associated with the received identity information and for sending to the user equipment said at least one identity obtained from said storage means.

According to a second aspect of the present invention there is provided a communication node for use in a communications system, said comprising means for receiving identity information from user equipment, means for obtaining from said storage means at least one identity associated with said user equipment based on the received identity information, and means for sending to the user equipment said at least one identity obtained from the storage means.

According to a further aspect of the present invention there is provided a communication method comprising the steps of sending from user equipment identity information relating to said user equipment, obtaining at least one identity from storage means based on said identity information, and sending said obtained at least one identity to said user equipment.

BRIEF DESCRIPTION OF THE DRAWINGS

For a better understanding of the present invention and as to how the same may be carried into effect reference will now be made by way of example to the accompanying drawings in which:

FIG. 1 shows a communication system architecture in which embodiments of the present invention can be incorporated;

FIG. 2 shows a first information flow in accordance with a first embodiment of the present invention;

FIG. 3 shows an information flow in accordance with a second embodiment of the present invention;

FIG. 4 shows an information flow in accordance with a third embodiment; and

FIG. 5 shows a further signal flow used in conjunction with FIG. 4.

DESCRIPTION OF PREFERRED EMBODIMENTS OF THE PRESENT INVENTION

Reference is made first to FIG. 1 which shows a possible network system architecture in which embodiments of the present invention can be incorporated. The exemplifying network system 10 is arranged in accordance with the UMTS 3G specifications. However, it should be appreciated that alternative embodiments of the present invention may be used with other third generation specifications or indeed any other suitable standard. A user equipment 10 is connectable to a radio access network 12. This connection between the user equipment 10 and the radio access network 12 is via a wireless connection 11. The user equipment 10 can take any suitable form and may for example be a mobile telephone, a portable computer, a personal digital assistant (PDA) or any other suitable wireless equipment. The wireless equipment may or may not be mobile. Embodiments of the present invention are applicable when the user equipment 10 attaches to a visited network that is not its network with which it is normally associated as well as when the user equipment attaches to its home network.

The radio access network 12 consists at least of a base station and usually also a controller. The radio access network 12 is connected to a GPRS core network. For example, the RAN 12 may be connected to a SGSN 30 (serving GPRS support node). The SGSN 30 in turn may be connected to a GGSN 32 (gateway GPRS support node). The SGSN and GGSN 32 constitute the GPRS core network 14. The GGSN 32 is connected to the DHCP (dynamic host configuration protocol) 15. The DHCP 15 is used to provide the user equipment 10 with the domain name of a proxy-CSCF node 16. The P-CSCF node 16 is connected to the GGSN 32. The DNS 18 is connected to the P-CSCF 16 and to the SGSN 30. The elements marked in block 34 can be regarded as being the visited network.

The home network is marked in block 36. The connection between the visited and home network is via the GGSN 32 of the visited network and a GGSN 38 of the home network. Between the two GGSNs 32 is a backbone network or other form of connection. The GGSN 38 is connected both to an I-CSCF 20 and an S-CSCF 22. Both of these CSCFs 20 and 22 are connected to the HSS 24. The S-CSCF is the serving call state control function and is the server currently serving at least one of the user equipment and is in control of the status of that user equipment. The home subscriber server entity 24 is used for storing registration identities, similar user related information and the public and private user identities as will be discussed in more detail hereinafter.

There are various identities that may be associated with the user of an IP multimedia (IM) service. In an IM subsystem, the subscriber should have a private user identity (IMPI). The private identity is assigned by the home network operator and is used, for example, for registration, authorisation, administration and accounting purposes.

The identity may take the form of a network access identifier as defined in RFC 2486. This is an IETF (internet engineering task force) standard. It is possible that a representation of the IMSI is contained within the network access identifier for the private identity. The private user identity is not normally used for routing of SIP messages. The private user identity may be contained in registration requests passed from the user equipment to the home network. The private user identity is preferably a unique global identity defined by the home network operator which may be used within the home network to uniquely identify the user from a network perspective. The private user identity may be permanently allocated to a user although in alternative embodiments of the present invention it may be dynamically allocated. It is preferably valid for the duration of the subscription with the home network. The private user identity may be used to identify the user's information such as authentication information stored within the HSS. The IMPI may be present in charging records based on operator policies. It should be appreciated that the IMPI identifies the subscription, i.e. the IM service capability, and not the user. The HSS and the C-SCCF need to obtain and store the private user identity in preferred embodiments of the present invention.

As far as public user identities are concerned, a subscriber to an IM subsystem shall have one or more public user identities IMPU. The public user identity or identities are used by any user for requesting communications to other users. For example, this might be included on a business card. Both telecommunication numbering and internet naming schemes can be used to address users depending on the public user identity that the users have. The public user identity or identities may take the form of a SIP URL (as defined in RFC 2543 which is herein incorporated by reference) and RFC 2396 which is also incorporated by reference or E.164 numbers, that is current phone numbers. It is possible in preferred embodiments of the present invention to register globally for example through a single request, a subscriber that has more than one public identity associated with it via a mechanism within the IP multimedia core network subsystem. This shall not preclude the user from registering individually some of their public identities if required. Public user identities do not need to be authenticated by the network during registration in preferred embodiments of the present invention. The public user identities may be used to identify the user information within the HSS.

It should be appreciated that the home network operator is responsible for the assignment of the private user identifier and the public user identifiers. It should be appreciated that some embodiments of the present invention may use other identities that are not defined by the operator. All public user identities that are associated with the same service profile should have the same set of services. It should be appreciated that a given user may have more than one public user identity which are in turn associated with different service profiles. Each public user identity is only associated with a single service profile in preferred embodiments of the present invention.

Reference is now made to FIG. 2 which shows a first embodiment of the invention and in particular the signalling flows.

In the first step, S1, the following occurs: A GPRS attach procedure is followed, a PDP (packet data protocol) context is established and the P-CSCF discovery procedure is carried out. The GPRS attach procedure is the procedure by which the user equipment attaches itself to the GPRS network. This is known and will not be described in further detail. The PDP context establishment procedure involves the establishment of the appropriate PDP context bearer using for example the PDP context establishment procedure as specified in the third generation specification 3GPP TS 24.008, which is herein incorporated by reference. It should be appreciated that the establishment of the PDP context is known and will not be described in further detail here. In the P-CSCF discovery procedure, this is carried out after the attach procedure and afterwards is part of a successful activation of PDP context. This can use one of two mechanisms: In one procedure, the DHCP is used and optionally if required, the DNS in order to obtain the P-CSCF address. This procedure involves the user sending a request to a DHCP server. It may request a list of fully qualified domain names of one or more P-CSCFs and the IP addresses of the DNS servers or it may request a list of the P-CSCF IP addresses. If this does not provide the required P-CSCF address, the user equipment may send a query to the DNS server to retrieve a list of the P-CSCF IP addresses from which one is selected. If the response from the DNS server does not contain the IP addresses, an additional DNS query is needed to resolve the fully qualified domain name to an IP address. It should be appreciated that this is by way of example only and any suitable procedure can be used to identify the correct address of the P-CSCF 16.

In step S2, a REGISTER request is sent from the user equipment to the P-CSCF 16. The purpose of this request is to register the user's SIP (session internet protocol) uniform resource identifier with an CSCF 22 in the home network. This request is routed to the P-CSCF because it is the contact point to the IP Multimedia Subsystem for the user equipment.

In step S3, based on the user's uniform resource identifier URI, the P-CSCF 16 determines that the user equipment 10 is registering from a visiting domain and performs a Domain Name Server DNS 18 query to locate the I-CSCF 20 in the home network. The lookup in the DNS 18 is based on the address specified in the request URI.

In step S4, the P-CSCF 16 sends the register request, originating from the user equipment 10, to the I-CSCF 20 identified in step S3.

In step S5, the I-CSCF makes a request for information relating to the subscriber (i.e. the user) registration status by sending a query to the HSS 24. The HSS sends back to the I-CSCF 20 the required capabilities. Based on this information, the I-CSCF 20 selects a suitable S-CSCF 22.

In step S6, the register message is sent by the I-CSCF 20 to the selected S-CSCF 22.

In step S7, an authentication procedure is carried out. On receiving a register request from an unauthorised user (that is a user which has not yet been authorised), the S-CSCF 22 requires at least one authentication vector be used in order to challenge the user. If a valid authentication vector is not available, then the S-CSCF 22 requests such a vector from the HSS. In this step, the S-CSCF also indicates to the HSS 24 that it has been assigned to serve the particular user.

In step S8, the S-CSCF 22 selects the vector for use in the authentication challenge.

In step S9, the S-CSCF 22 sends the authentication challenge to the I-CSCF 20. In step S10, the I-CSCF 20 forwards that challenge to the associated P-CSCF 16. In turn, the P-CSCF 16 sends the authorisation challenge in step S11 to the user equipment 10.

In step S12, the user equipment is arranged to generate response and session keys.

In step S13, the user equipment 10 obtains the international mobile subscriber identity IMSI from the USIM application in the Universal Integrated Circuit Card UICC card and includes it in the register message generated by the user equipment. This register request also includes the response to the user equipment. This register message contains integrity protection and thus, the IMSI information can be included in this message with better security than if it is included in the first register message (that is step S2). The register message is sent from the user equipment 10 to the P-CSCF 16. Step S14 is similar to S3 and ensures that the P-CSCF 16 sends the register message, in step S15, to the correct I-CSCF 20.

Step S16 and step S17 are similar to steps S5 and S6 described previously.

In step S18, the S-CSCF 22 checks the UE 10 authentication response and verifies that it is successful.

In step S19, once a user has been registered by the S-CSCF 22, the S-CSCF 22 informs the HSS 24 that the user has been registered. The HSS may also include the user profile in the response sent back to the S-CSCF 22.

In step S20, if the authentication is successful, the S-CSCF includes the IMPI and/or registered IMPUs in the message sent to the user equipment. In step S20 the information is sent from the S-CSCF 22 to the I-CSCF 20. In step S21 that information is forwarded by the I-CSCF 20 to the P-CSCF 16. Finally, in step S21, the message is forwarded from the P-CSCF to the UE 10.

After the UE 10 has received the IMPI and/or IMPUs it will store them in the user equipment phone memory and use them as defined in IMS specifications.

As the first register message does not include the IMSI, that message should include some information which allows the correct HSS 24 to be identified. For example, the user may be provided with an identification number for the HSS with which it is associated. It should be appreciated that in alternative embodiments of the present invention, alternative ways may be used to determine the correct HSS for the user. It should also be appreciated that the messages sent in step S20, S21 and S22 may need to be modified to carry the public and private user identities.

Reference will now be made to FIG. 3 which shows an alternative embodiment of the present invention. Step T1 is the same as step S1 of FIG. 2.

In step T2 of FIG. 3, a similar function is carried out to that of step S2 of FIG. 2. However, the IMSI information or identifier derived therefrom may be included in the register message. This would allow the HSS for the given UE 10 to be identified. Steps T3 to T12 would be the same or similar as steps S3 to S12 of FIG. 2. The second register request in step T13 would include the same UE identifier as the first register request. As this message has integrity protection, it can confirm the value sent in step T2. Steps T14 to T18 may be the same as steps S14 to S18 of FIG. 2. In step T19, the S-CSCF 22 may ask the HSS to provide it with the profile of the user including the IMPUs and/or the IMPI. As a response, the HSS provides the IMPUs and/or IMPI to the S-CSCF. It should be appreciated that in the current specifications, the HSS is able to provide the user profile in a response to a message sent by the S-CSCF.

In steps T20 to T22, an OK message is sent by the S-CSCF to the user equipment. These messages include the public and/or private identities. The numbers or identities are stored in the user equipment.
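The FIG. 3 exchange (steps T2, T13 and T18 to T22) can be modelled as follows; this is an added Python sketch, not code from the patent or from any IMS implementation. HMAC-SHA256 stands in for the authentication and integrity functions, the integrity check is modelled at the S-CSCF, and every class name, IMSI, key and identity is a constructed assumption.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 stand-in for the AKA functions (assumption, not the 3GPP algorithms).
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()

def protect(ik: bytes, call_id: str, ue_id: str, res: bytes) -> bytes:
    # Integrity tag over every field of the second REGISTER.
    return prf(ik, b"mac", f"{call_id}|{ue_id}|".encode() + res)

class HSS:
    """Constructed subscriber store: IMSI -> long-term key, IMPI, IMPUs."""
    def __init__(self):
        self.subs = {}
    def add(self, imsi, key, impi, impus):
        self.subs[imsi] = {"key": key, "impi": impi, "impus": list(impus)}
    def auth_vector(self, imsi):
        key, nonce = self.subs[imsi]["key"], secrets.token_bytes(16)
        return {"nonce": nonce, "xres": prf(key, b"res", nonce), "ik": prf(key, b"ik", nonce)}

class SCSCF:
    def __init__(self, hss):
        self.hss, self.pending = hss, {}

    def first_register(self, call_id, ue_id):
        # T2 to T11: unprotected REGISTER carrying the IMSI, answered with a challenge.
        if ue_id not in self.hss.subs:
            return {"status": 403, "reason": "unknown subscriber"}
        self.pending[call_id] = {"ue_id": ue_id, **self.hss.auth_vector(ue_id)}
        return {"status": 401, "nonce": self.pending[call_id]["nonce"]}

    def second_register(self, call_id, ue_id, res, mac):
        # T13 to T22: trust no field until the integrity tag verifies.
        state = self.pending.pop(call_id, None)  # a challenge is usable once
        if state is None:
            return {"status": 403, "reason": "no pending challenge"}
        if not hmac.compare_digest(mac, protect(state["ik"], call_id, ue_id, res)):
            return {"status": 403, "reason": "integrity check failed"}
        if ue_id != state["ue_id"]:  # confirm the value sent in step T2
            return {"status": 403, "reason": "identifier differs from first REGISTER"}
        if not hmac.compare_digest(res, state["xres"]):
            return {"status": 403, "reason": "authentication failed"}
        sub = self.hss.subs[ue_id]  # T19: profile with IMPI and IMPUs
        return {"status": 200, "impi": sub["impi"], "impus": list(sub["impus"])}

class UE:
    def __init__(self, imsi, key):
        self.imsi, self.key, self.stored = imsi, key, None

    def answer(self, call_id, nonce, claim=None):
        # T12 and T13: derive RES and the integrity key, then build the protected REGISTER.
        ue_id = claim or self.imsi
        res, ik = prf(self.key, b"res", nonce), prf(self.key, b"ik", nonce)
        return {"call_id": call_id, "ue_id": ue_id, "res": res,
                "mac": protect(ik, call_id, ue_id, res)}

    def store(self, reply):
        # After T22 the UE keeps the identities it received.
        if reply["status"] == 200:
            self.stored = (reply["impi"], reply["impus"])

def run_scenarios():
    # Constructed sample data (test-network IMSIs, example domains).
    imsi_a, imsi_b = "001010000000001", "001010000000002"
    hss = HSS()
    hss.add(imsi_a, b"A" * 16, "user-a@ims.example.net", ["sip:alice@example.net"])
    hss.add(imsi_b, b"B" * 16, "user-b@ims.example.net", ["sip:bob@example.net"])
    scscf, ue = SCSCF(hss), UE(imsi_a, b"A" * 16)
    out = {}
    ch = scscf.first_register("c1", imsi_a)
    out["ok"] = scscf.second_register(**ue.answer("c1", ch["nonce"]))
    ue.store(out["ok"])
    out["stored"] = ue.stored
    ch = scscf.first_register("c2", imsi_a)  # second REGISTER altered in transit
    msg = ue.answer("c2", ch["nonce"])
    msg["ue_id"] = imsi_b
    out["altered_second"] = scscf.second_register(**msg)
    ch = scscf.first_register("c3", imsi_b)  # first REGISTER altered in transit
    out["altered_first"] = scscf.second_register(**ue.answer("c3", ch["nonce"]))
    ch = scscf.first_register("c4", imsi_a)  # UE changes its claim between messages
    out["changed_claim"] = scscf.second_register(**ue.answer("c4", ch["nonce"], claim=imsi_b))
    return out

if __name__ == "__main__":
    print(run_scenarios())
```

Only the first scenario returns the IMPI and IMPUs; in the other three the S-CSCF answers 403 and no profile data leaves the HSS.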

Reference is now made to FIG. 4 which shows a further embodiment of the invention. Steps R1 to R19 are the same as described in relation to FIG. 3. However, the message sent in steps R20 to R22, the 200 OK message, does not include the private or public identities. Rather, after the user equipment has been registered, a process is carried out where the public and/or private identities are obtained. This is shown in FIG. 5.

In FIG. 5, in the first step M1 a SUBSCRIBE message is sent by the user equipment 10 to the P-CSCF 16. With this, the user equipment subscribes to a registration state event packet and uses the IMSI or derived value as identifier. In step M2, this is forwarded by the P-CSCF 16 to the S-CSCF 22. In step M3 a reply is sent from the S-CSCF 22 to the P-CSCF 16 and in step M4 the message is forwarded to the user equipment 10 by the P-CSCF 16. In step M5, the S-CSCF 22 sends a notify message to the P-CSCF 16 containing the private and/or public identifiers. In step M7, the user equipment sends a reply, a 200 OK message, to the P-CSCF 16 which is forwarded to the S-CSCF 22 in step M8.

It should be appreciated that the user equipment may use one or more received public or private identifiers in subsequent signalling or can continue to use the IMSI or derived value in subsequent signalling.

The subscribe message contains a request for notification on the subscriber's registration state and it is acknowledged by a 200 OK message. In response to this request, the S-CSCF will send a notify message to the user including the IMPUs and/or IMPI which the user has agreed, with its network operator, to be registered upon a successful registration. It should be appreciated that the terminal may be preconfigured to send the subscribe message to its own registration state, using the IMSI, right after it has been registered. It should be appreciated that the S-CSCF 22 may obtain the IMPUs and/or IMPI information at any suitable time such as during downloading of subscriber profile from the HSS in step T19.

In one modification to the embodiments of the invention, as an alternative to using the IMSI number, an already GSM attached user equipment could use the temporary IMSI (TIMSI) or the like which the user equipment receives when attaching to the GSM network. Any derived or temporary identity can be used that uniquely identifies the user for the network. The main benefit of a TIMSI or the like is that no one can see (by eavesdropping the air interface) which user (that is which IMSI) registers to the IMS.

Preferred embodiments of the present invention have been described in the context of GPRS system and an IP multimedia system. It should be appreciated that embodiments of the present invention are not limited to these systems and may be used in any other system.

1. A communication system comprising; at least one user equipment having a plurality of identities associated therewith, said user equipment having means for storing at least one of said identities; storage means for storing at least one of said plurality of identities; means for receiving identity information from said user equipment, for obtaining from said storage means at least one identity associated with the received identity information and for sending to the user equipment said at least one identity obtained from said storage means.
2. A system as claimed in claim 1, wherein said system is arranged such that said user equipment provides said identity information to the receiving means when a secure connection has been established.
3. A system as claimed in claim 1, wherein said plurality of identities comprise at least one of the following: IMSI, a private user identity; at least one public user identity.
4. A system as claimed in claim 3, wherein the user equipment is arranged to store said IMSI.
5. A system as claimed in claim 1 wherein said identity information comprises at least one of the identities stored by said user equipment or information derived therefrom.
6. A system as claimed in claim 1, wherein said identity information comprises a temporary identification.
7. A system as claimed in claim 1, wherein said storing means of said user equipment comprises a subscriber identity module SIM.
8. A system as claimed in claim 1, wherein said system comprises an IP multimedia system.
9. A system as claimed in claim 8, wherein said receiving means comprise a CSCF.
10. A system as claimed in claim 9, wherein said receiving means comprises a S-CSCF.
11. A system as claimed in claim 1, wherein said storage means comprises an HSS.
12. A system as claimed in claim 1, wherein said system comprises a home network with which the user equipment is associated normally and a serving network which is one of the home network and a visited network.
13. A system as claimed in claim 12, wherein said storage means is associated with the home network.
14. A system as claimed in claim 11, wherein said user equipment is provided with information for identifying the storage means with which the user equipment is associated.
15. A system as claimed in claim 1, wherein said user equipment has means for storing said at least one identity obtained from said storage means.
16. A communication node for use in a communications system, said comprising; means for receiving identity information from user equipment, means for obtaining from said storage means at least one identity associated with said user equipment based on the received identity information; and means for sending to the user equipment said at least one identity obtained from the storage means.
17. A communication method comprising the steps of: sending from user equipment identity information relating to said user equipment; obtaining at least one identity from storage means based on said identity information; and sending said obtained at least one identity to said user equipment.
18. A method as claimed in claim 17, wherein said identity information comprises one or more of: an identity of the user, information derived from an identity of the user; a temporary identity associated with the user.
19. A method as claimed in claim 17, wherein said at least one identity obtained from said storage means comprises at least one of at least one public identity and a private entity.
20. A method as claimed in claim 17, comprising the step of storing in the user equipment the obtained at least one entity.
21. A method as claimed in claim 17, wherein said sending step comprises sending a first message from said user equipment and sending a second message from said user equipment, said first and second messages comprising said identity information, and said second message being more secure than said first message.
22. A method as claimed in claim 21, wherein said second message is integrity protected.
23. A method as claimed in claim 17, wherein the obtained at least one identity is sent to said user equipment via a secured connection.
24. A method as claimed in claim 17, wherein said at least one identity is sent to said user equipment in a NOTIFY message.
25. A method as claimed in claim 17, wherein said at least one identity is sent to the user equipment in a 200 OK message.